ProHoster > Blog > Utongi > Microsoft's Alternative kune Setifiketi Chiremera

Microsoft's Alternative kune Setifiketi Chiremera

Vashandisi havavimbike. Kazhinji, vane usimbe uye vanosarudza kunyaradza pane kuchengeteka. Maererano nenhamba, 21% vanonyora pasi mapassword avo eakaunti yebasa pabepa, 50% inoratidza mapassword akafanana ebasa uye masevhisi emunhu.

Mhoteredzo inovengawo. 74% yemasangano anobvumira zvishandiso zvemunhu kuti zviunzwe kushanda uye zvakabatanidzwa kune network yemakambani. 94% yevashandisi haigone kusiyanisa pakati peemail chaiyo neye phishing, 11% yakadzvanya pane zvakabatanidzwa.

Matambudziko ese aya anogadziriswa nekambani yeruzhinji kiyi zvivakwa (PKI), iyo inopa mail encryption uye huchokwadi, uye inotsiva mapassword nezvitupa zvedhijitari. Izvi zvivakwa zvinogona kusimudzwa paWindows Server. Maererano ne tsananguro kubva kuMicrosoft, Active Directory Certificate Services (AD CS) iseva inobvumidza iwe kugadzira PKI musangano rako uye kushandisa yeruzhinji kiyi cryptography, zvitupa zvedhijitari, uye masiginecha edhijitari.

Asi mhinduro yeMicrosoft inodhura zvakanyanya.

Yese Mutengo Wevaridzi weMicrosoft Private CA

Microsoft's Alternative kune Setifiketi Chiremera
Mutengo wekuenzanisa wevaridzi pakati peMicrosoft CA neGlobalSign AEG. Chinhu

Mune akawanda mamiriro, zviri nyore uye zvakachipa kugadzira imwechete yakavanzika setifiketi chiremera, asi nekutonga kwekunze. Iri ndiro chairo dambudziko rinogadziriswa neGlobalSign Auto Enrollment Gateway (AEG). Mitsetse yakati wandei yemari inobviswa pamutengo wakazara wevaridzi (kutenga zvekushandisa, mari yekutsigira, kudzidziswa kwevashandi, nezvimwewo). Kuchengeta kunogona kudarika 50% yemutengo wakazara wevaridzi.

Chii chinonzi AEG

Microsoft's Alternative kune Setifiketi Chiremera

Auto Kunyoresa Gedhi (AEG) isoftware sevhisi inoshanda segedhi pakati peSaaS GlobalSign chitupa masevhisi uye Windows bhizinesi nharaunda.

AEG inosanganisirwa neActive Directory, ichibvumira masangano kuti aite otomatiki kunyoreswa, kupa uye manejimendi eGlobalSign zvitupa zvedhijitari munzvimbo yeWindows. Nekutsiva maCA emukati neGlobalSign masevhisi, mabhizinesi anowedzera kuchengetedzeka uye kuderedza mutengo wekutarisira yakaoma uye inodhura yemukati Microsoft CA.

GlobalSign SaaS Certificate Services isarudzo yakavimbika pane isina kusimba uye isina kutungamira zvitupa pazvivakwa zvako. Kubvisa kudiwa kwekutonga resource-yakanyanya mukati CA kunoderedza mutengo wakazara wevaridzi wePKI, pamwe nenjodzi yekutadza kwehurongwa.

Tsigiro yeSCEP uye ACME mapuroteni anowedzera rutsigiro kupfuura Windows, kusanganisira otomatiki kuburitsa zvitupa zveLinux maseva, nharembozha, network zvishandiso, uye zvimwe zvishandiso, pamwe neApple OSX makomputa akanyoreswa muActive Directory.

Enhanced Security

Pamusoro pekuchengetedza mari, kunze kwePKI manejimendi inovandudza kuchengetedzeka kwehurongwa. Sezvinocherechedzwa neAberdeen Boka rekudzidza, zvitupa zviri kuramba zvichinangwa nevanorwisa vanobudirira kushandisa zvisizvo zvinozivikanwa senge zvitupa zvisina kuvimbwa zvakasaina, encryption isina simba, uye nzira dzinonetsa dzekubvisa. Pamusoro pezvo, vapambi vakagona hunyanzvi hwakanyanya, sekuburitsa zvitupa zvechitsotsi kubva kumaCA anovimbwa uye zvitupa zvekunyepa zvekusaina kodhi.

"Mabhizinesi mazhinji haatarise njodzi dzine chekuita nekurwiswa uku uye haana kugadzirira kukurumidza kupindura kune kutengeserana," akanyora Derek E. Brink, Mutevedzeri weMutungamiri uye IT Security Fellow paAberdeen Group. "Nekugonesa mabhizinesi kuti aise mabatiro ekushanda kwechitupa mumaoko enyanzvi vachichengeta kutonga kwekambani pamusoro pezvirongwa zveboka muActive Directory, GlobalSign ine chinangwa chekuchengetedza remangwana kukura kwekushandiswa kwechitupa nekugadzirisa kuchengetedzeka uye nyaya dzekuvimba mune inoshanda, mutengo. -inoshanda deployment model."

Iyo AEG inoshanda sei

Microsoft's Alternative kune Setifiketi Chiremera

Iyo yakajairwa AEG sisitimu inosanganisira zvina zvakakosha zvikamu kuti ive nechokwadi chekuti zvitupa zvinotumirwa kunzvimbo dzakakodzera dzekuwana:

  1. AEG software paWindows server.
  2. Active Directory maseva kana domain controller inobvumira vatariri kutonga uye kuchengetedza ruzivo nezve zviwanikwa.
  3. Endpoints: vashandisi, zvishandiso, maseva uye nzvimbo dzekushandira - ingangoita chero chinhu chiri "mutengi" wedhijitari zvitupa.
  4. A GlobalSign Certification Authority, kana GCC, inogara pamusoro pechitupa chakavimbika chekuburitsa uye chikuva chekutungamira. Apa ndipo panogadzirwa zvitupa.

Zvitatu zvezvikamu zvina zvinoratidzwa zviri-panzvimbo pamutengi, uye chechina chiri mugore.

Chekutanga, mapeji ekupedzisira anofanogadzirirwa uchishandisa marongero eboka: semuenzaniso, kusimbiswa kwechitupa chechokwadi chemushandisi, S/MIME chikumbiro chechitupa, zvichingodaro - kune inotevera kubatana kune AEG server. Kubatana kwakachengeteka neHTTPS.

Iyo AEG server inobvunza Active Directory kuburikidza neLDAP yerunyorwa rwezvitupa matemplate eaya ekupedzisira uye inotumira runyoro kune vatengi pamwe nenzvimbo yeCA. Mushure mekugamuchira iyi mitemo, iyo yekupedzisira inobatana neAEG server zvakare, ino nguva yekukumbira zvitupa chaizvo. AEG, zvakare, inogadzira kufona kweAPI ine yakatarwa paramita uye inotumira kuGlobalSign Certification Authority kana GCC kuti igadziriswe.

Chekupedzisira, iyo GCC yekumashure inogadzirisa zvikumbiro, kazhinji mukati memasekondi mashoma, uye inotumira mhinduro yeAPI pamwe nechitupa chinozoiswa pamagumo pakukumbira.

Maitiro ese anotora masekonzi mashoma uye anogona kuve akazara otomatiki nekugadzirisa endpoints kuti uwane otomatiki zvitupa uchishandisa marongero eboka.

AEG Unique Features

  • Iwe unogona kunyoresa kuburikidza ne MDM chikuva.
  • Yakagadzirwa nevaimbova vashandi kubva kuMicrosoft Crypto timu.
  • Solution pasina mutengi.
  • Kuitwa kwakareruka uye manejimendi ehupenyu.

Microsoft's Alternative kune Setifiketi Chiremera
Mienzaniso yezvivakwa

Saka, ekunze PKI manejimendi kuburikidza neGlobalSign AEG gedhi zvinoreva kuwedzera kuchengetedzeka, kuchengetedza mutengo uye kuderedza njodzi. Imwe bhenefiti iri nyore scalability uye yakagadziridzwa kuita. PKI yakanyatsogadziriswa inova nechokwadi chenguva refu, inobvisa kukanganisa kumabasa akakosha nekuda kwezvitupa zvisina basa, uye inopa vashandi vari kure, kuwana kwakachengeteka kune network network.

AEG inotsigira huwandu hwakawanda hwemakesi ekushandisa anoda mbiri-chinhu chechokwadi, kubva kure kure nevatengi veboka rebasa vanowana network kuburikidza neVPN neWi-Fi, kusvika kune rombo rakanaka rekuwana zviwanikwa zvine hunyanzvi kuburikidza nemakadhi akangwara.

GlobalSign mutungamiri wepasi rose mukupa gore uye networked PKI mhinduro dzekuzivikanwa uye kuwana manejimendi. Kuti uwane rumwe ruzivo nezvechigadzirwa, ndapota taura vatungamiri vedu.

Source: www.habr.com

Voeg